The Ongoing Shift in Supply Chain Software Architecture Is Rapidly Increasing Cyber Vulnerabilities
By Ryan Wiggin | 27 Oct 2025 | IN-7966
NEWS | Scale and Cost of Attacks Increasing
Almost all supply chain software providers are moving toward “cloud-native” and “microservices architecture” based solutions. Systems built in this way are being heavily marketed as the industry shifts away from siloed, point solutions to end-to-end visibility and planning. And while there’s no denying the benefits that come from more system connectivity, data sharing, and scalable infrastructure for improved supply chain operations, vulnerability to cyberattacks is also increasing.
According to the 2025 Verizon Data Breach Investigations Report (DBIR), the share of data breaches that involve a third party has doubled since 2024, to 30%, with attackers increasingly targeting poorly secured vendors as a stepping stone for lateral movement into larger corporate networks. The cost of each breach is also rising, because breaches cascade from cloud providers to the enterprises that depend on them: common integrations with cloud-based enterprise applications are often exploited to gain lateral access to systems throughout the supply chain, especially given the proliferation of overly broad Application Programming Interface (API) permissions. Customer Relationship Management (CRM) systems are a prominent example. According to the Cost of a Data Breach 2025 report, the global average cost of a data breach has now reached US$4.4 million, and US$10.2 million in the United States.
IMPACT | The Dark Side of Supply Chain Connectivity
Cybersecurity has been a key restraint for organizations when shifting their on-premises systems to the cloud, but the pace of innovation in cloud-based platforms has required companies to make the shift to keep digitally up-to-date. And despite the increasing number and cost of cyberattacks on the supply chain, companies intend to keep moving more of their systems into the cloud. According to a recent survey by ABI Research of supply chain professionals, 66.7% of respondents have already implemented, or are in the process of implementing public cloud infrastructure, with a further 20.4% currently evaluating their options. And on the provider side, large software vendors are reporting over 95% of their new business being cloud-based, with on-premises being increasingly phased out.
Compared with a typical on-premises system, integrating with the cloud widens an organization's attack surface, and a microservices architecture inherently creates more prospective attack vectors for attackers to target. More concerning still is the connection to other systems on the same network: a single point of weakness can lead to multiple company systems being compromised. This takes control away from individual companies, regardless of how much they invest in their own cybersecurity.
This interconnection problem was demonstrated in August, when attackers compromised the conversational marketing platform Drift, owned by Salesloft, which has integrations with Salesforce. That chain of integrations allowed the attackers to reach a well-protected environment through a single weak link and gain access to customer data. Over 700 organizations spanning multiple industries were reportedly impacted by the attack.
The cyberattack on Blue Yonder at the end of 2024 again shows how far-reaching a single attack can be when so many systems are interconnected through a shared cloud provider. U.K. grocery chains Morrisons and Sainsbury's saw significant impacts on their stock replenishment workflows and had to revert to backup manual processes; Starbucks in the United States had to abandon its automated scheduling software and process payroll manually; and French manufacturer BIC faced severe shipping delays while its systems were down.
The very nature of the supply chain also means that any organization affected has a knock-on effect to potentially thousands of others. The recent cyberattack on Jaguar Land Rover (JLR) in the United Kingdom has affected over 5,000 businesses in their supply chain, with some suppliers even now facing bankruptcy as a result of JLR stopping production. The estimated cost of the damages sits at £1.9 billion, showing just how impactful a single attack can be on a supply chain.
RECOMMENDATIONS | A Role for All to Play
The industry should not halt its move to the cloud; more connectivity across supply chain networks remains the best way to improve operational efficiency. But it is essential that organizations understand the risks and adopt a proactive strategy for identifying cyber vulnerabilities.
Migrating systems to the cloud, or adopting cloud-based solutions, does not absolve organizations of their responsibility to protect their internal assets. Misconfigured in-house systems and integrations with legacy technologies remain particularly vulnerable to attack. This matters more as companies handle more connected assets and weave in additional point systems to orchestrate their manual and automated material handling processes. Organizations must invest heavily in both their Information Technology (IT) and Operational Technology (OT) environments, ensuring robust endpoint security and continuously monitoring for potential issues.
Solution providers also play a major role and must start putting cybersecurity front and center. Very few software providers in the supply chain space currently do, leaving end users with little understanding of the potential threats and of the role they themselves must play in securing the overall cloud environment. Supply chains are a vast mix of business sizes, from tiny suppliers to multinational retailers, so offering tailored guidance and support is critical to securing the entire network.
Companies should also put more pressure on their technology providers at every level. A warehouse, for example, may have a mixture of warehouse devices from Zebra or Honeywell; automated systems from Locus Robotics or AutoStore; engagements with System Integrators (SIs) like KNAPP or Dematic; and is likely to be adopting a cloud-native Warehouse Management System (WMS) from Blue Yonder, Manhattan Associates, or Infios, to name just a few. All of these providers play a key role in the end user's cybersecurity, yet it is rarely a priority for them, so end users must be proactive in ensuring that their providers do their due diligence.
The European Union's (EU) Cyber Resilience Act (CRA), which mandates that companies establish a Software Bill of Materials (SBOM) by December 2027, is a key step toward giving companies visibility of their software environments so they can better identify potential threats. That deadline may be 2 years away, but companies should start establishing an SBOM as early as possible and develop a joint strategy alongside their suppliers and Third-Party Logistics (3PL) providers. For suppliers and 3PL providers, demonstrating cyber resilience will go a long way when bidding for new business, especially with high-profile cyberattacks like those on Blue Yonder and JLR in the news.
Written by Ryan Wiggin